With the rise of BYOD and the growing amount of business processing done on mobile intelligent terminals in government and enterprises, increasing importance is being placed on the confidentiality of data held on those terminals. However, with office applications and private applications running on the same mobile intelligent terminal, once a mobile application reads or modifies government or enterprise data without authorization, government or enterprise secrets can leak, creating a security threat. There is therefore an urgent need to control effectively how data is read and processed on the mobile intelligent terminal, so as to ensure its confidentiality.
The existing MDM product for mobile terminal data protection is mainly the CHINASEC mobile security management platform of MING CHAO WAN DA company, which is implemented primarily through file encryption and VPN-secured transmission. All data sent from the intranet to the mobile terminal is encrypted, and the mobile terminal can operate on the data only after the user has been authenticated by entering a password at the product's client end.
This technique cannot yet discriminate between or isolate data at a fine granularity. All data is encrypted by a mobile gateway before being transmitted to the mobile intelligent terminal, and every application pushed to the terminal by the gateway can operate on that data. Confidentiality rests solely on uniform encryption and VPN transmission: the scheme can neither apply different protection policies to different types of data nor define the operation authority of different mobile applications over different data. If an application without legitimate authorization is pushed by mistake, it gains the authority to read all the data. In addition, encrypting and tunnelling all data transmitted to the terminal via the mobile gateway consumes a large amount of resources.
Existing data protection products for personal mobile terminals are mainly Tencent Mobile Manager, 360 Mobile Phone Security Guard and the like, all of which use a "file confidentiality box" (safe box). The user places the designated data into the safe box; when a mobile application accesses that data, authority authentication is performed on the application (the user enters a password), and once it passes, the application is authorized to operate on all the data in the box. This is how control over the confidentiality of mobile data is realized.
This technique can only achieve coarse-grained control of data. Not only must the user add each piece of sensitive data to the safe box manually, but the user must also enter the password manually every time the sensitive data is used. The confidentiality levels are very monotonous, with data divided into only two levels, "secret" and "non-secret". The protection is not strong either: once the password is leaked, or another application obtains data operation authority through a legitimately authorized application, none of the data is protected effectively. In addition, the sensitive data can only be protected while it remains on the mobile terminal; once an application that has obtained legitimate authority sends it out of the terminal, it can no longer be protected.
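The contrast between the all-or-nothing safe box just described and a check keyed on the requesting application, the data's classification and the requested operation, as an added example that is not the code of any product named above. The app names, the three classification levels and the policy rules (read needs clearance, write needs a managed app, export off the terminal needs an explicitly listed app and is never allowed for SECRET data) are assumptions chosen for illustration:

```python
"""Two toy access-control models for data held on a mobile terminal.

Added illustration, not code from CHINASEC, Tencent Mobile Manager or
360 Mobile Phone Security Guard. App names, levels and policy are assumed.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum
import hashlib
import hmac


class Level(IntEnum):
    """Assumed classification ladder; higher means more sensitive."""
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2


@dataclass(frozen=True)
class DataItem:
    name: str
    level: Level


class SafeBox:
    """Coarse-grained model: one password guards every item, and any app
    that presents it may perform any operation on any item."""

    def __init__(self, password: str) -> None:
        self._digest = hashlib.sha256(password.encode()).digest()
        self._items: dict[str, DataItem] = {}

    def add(self, item: DataItem) -> None:
        self._items[item.name] = item

    def access(self, app: str, password: str, name: str, op: str) -> bool:
        # The app identity and the operation play no part in the decision.
        supplied = hashlib.sha256(password.encode()).digest()
        if not hmac.compare_digest(supplied, self._digest):
            return False
        return name in self._items


class PolicyGuard:
    """Fine-grained model: decision depends on (app, item level, operation).
    Reads need clearance >= level; writes additionally need a managed app;
    exports need a listed exporter app and are refused for SECRET data."""

    def __init__(self, clearance: dict[str, Level], managed: set[str],
                 exporters: set[str]) -> None:
        self._clearance = clearance
        self._managed = managed
        self._exporters = exporters
        self._items: dict[str, DataItem] = {}

    def add(self, item: DataItem) -> None:
        self._items[item.name] = item

    def access(self, app: str, name: str, op: str) -> bool:
        item = self._items.get(name)
        if item is None:
            return False
        # Unknown apps get the lowest clearance (default deny).
        clearance = self._clearance.get(app, Level.PUBLIC)
        if item.level > clearance:
            return False
        if op == "read":
            return True
        if op == "write":
            return app in self._managed
        if op == "export":
            return app in self._exporters and item.level < Level.SECRET
        return False  # unrecognised operation: deny


def build_models() -> tuple[SafeBox, PolicyGuard]:
    """Constructed sample items and policy (assumptions, not real data)."""
    items = [
        DataItem("contract.pdf", Level.SECRET),
        DataItem("memo.txt", Level.INTERNAL),
        DataItem("canteen_menu.txt", Level.PUBLIC),
    ]
    box = SafeBox("hunter2")
    guard = PolicyGuard(
        clearance={"office_mail": Level.SECRET, "office_docs": Level.SECRET,
                   "personal_chat": Level.PUBLIC},
        managed={"office_mail", "office_docs"},
        exporters={"office_mail"},
    )
    for item in items:
        box.add(item)
        guard.add(item)
    return box, guard


if __name__ == "__main__":
    box, guard = build_models()
    # With the safe box, a leaked password lets a personal app export a secret.
    print(box.access("personal_chat", "hunter2", "contract.pdf", "export"))
    # Under the policy the personal app cannot even read it, and the office
    # mail client may read it but not send it off the terminal.
    print(guard.access("personal_chat", "contract.pdf", "read"))
    print(guard.access("office_mail", "contract.pdf", "read"))
    print(guard.access("office_mail", "contract.pdf", "export"))
```

The export rule only models the decision point on the terminal; it does not by itself protect data that has already left the device, which is the remaining weakness the text identifies.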